Skip to main content
POST
/
api
/
login
Login User
curl --request POST \
  --url https://api.example.com/api/login \
  --header 'Content-Type: <content-type>' \
  --header 'x-api-key: <x-api-key>' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'
{
  "status": "<string>",
  "message": "<string>",
  "data": {
    "token": "<string>"
  }
}

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/memoowi/e-comm-api-demo-2/llms.txt

Use this file to discover all available pages before exploring further.

Endpoint

POST http://localhost:5000/api/login

Headers

x-api-key
string
required
Your API key for accessing the API
Content-Type
string
required
Must be application/json

Request Body

email
string
required
The user’s registered email address
password
string
required
The user’s password. Will be compared against the hashed password in the database.

Response

status
string
Response status - “OK” for success
message
string
Response message - “Login successful” on success
data
object

Code Example

Here’s the actual implementation from the controller: 
export const login = async (req, res) => {
  const { email, password } = req.body;
  if (!email || !password) {
    return errorResponse({
      res,
      statusCode: 400,
      message: "All fields are required",
    });
  }

  try {
    const [rows] = await db.execute("SELECT * FROM users WHERE email = ?", [
      email,
    ]);
    if (rows.length === 0) {
      return errorResponse({ res, statusCode: 404, message: "User not found" });
    }

    const user = rows[0];
    const validPassword = await bcrypt.compare(password, user.password);
    if (!validPassword) {
      return errorResponse({
        res,
        statusCode: 401,
        message: "Incorrect Password",
      });
    }

    const token = jwt.sign(
      { id: user.id, email: user.email, name: user.name, profile_photo: user.profile_photo },
      process.env.JWT_SECRET,
      { expiresIn: "8h" }
    );

    successResponse({
      res,
      statusCode: 200,
      message: "Login successful",
      data: { token },
    });
  } catch (err) {
    errorResponse({ res, statusCode: 500, message: "Internal Server Error" });
  }
};

Request Example

curl -X POST http://localhost:5000/api/login \
  -H "x-api-key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john@example.com",
    "password": "securepassword123"
  }'

Response Examples

Success Response (200)

{
  "status": "OK",
  "message": "Login successful",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

Error Responses

Missing Fields (400)

{
  "status": "ERROR",
  "message": "All fields are required",
  "data": null
}

Incorrect Password (401)

{
  "status": "ERROR",
  "message": "Incorrect Password",
  "data": null
}

Invalid API Key (403)

{
  "status": "ERROR",
  "message": "Invalid API Key",
  "data": null
}

User Not Found (404)

{
  "status": "ERROR",
  "message": "User not found",
  "data": null
}

Server Error (500)

{
  "status": "ERROR",
  "message": "Internal Server Error",
  "data": null
}

Token Usage

After successful login, use the returned JWT token for authenticated endpoints by including it in the Authorization header: 
Authorization: Bearer <token>
The token expires after 8 hours and contains the following payload: 
{
  "id": 1,
  "email": "john@example.com",
  "name": "John Doe",
  "profile_photo": "path/to/photo.jpg",
  "iat": 1234567890,
  "exp": 1234596690
}

Security Notes

  • Passwords are hashed using bcrypt with 10 salt rounds before storage
  • Password comparison is done using bcrypt.compare() for secure validation
  • JWT tokens are signed with a secret key stored in environment variables
  • All requests require a valid API key in the x-api-key header

Build docs developers (and LLMs) love

Get started for freeTalk to us